37 lines
956 B
Plaintext
37 lines
956 B
Plaintext
=== How to fix it in Java SE
|
|
|
|
The following noncompliant code is vulnerable to Regex Denial of Service
|
|
because untrusted data is used as a regex to scan a string without prior
|
|
sanitization or validation.
|
|
|
|
==== Noncompliant code example
|
|
|
|
[source,java,diff-id=1,diff-type=noncompliant]
|
|
----
|
|
public boolean validate(HttpServletRequest request) {
|
|
String regex = request.getParameter("regex");
|
|
String input = request.getParameter("input");
|
|
|
|
return input.matches(regex);
|
|
}
|
|
----
|
|
|
|
==== Compliant solution
|
|
|
|
[source,java,diff-id=1,diff-type=compliant]
|
|
----
|
|
public boolean validate(HttpServletRequest request) {
|
|
String regex = request.getParameter("regex");
|
|
String input = request.getParameter("input");
|
|
|
|
return input.matches(Pattern.quote(regex));
|
|
}
|
|
----
|
|
|
|
=== How does this work?
|
|
|
|
include::../../common/fix/validation.adoc[]
|
|
|
|
In the example, `Patter.quote` escapes metacharacters and escape sequences that
|
|
could have broken the initially intended logic.
|